Wind River Linux Secure

By: Wind River  09-12-2011
Keywords: embedded software, Linux Development, Commercial Embedded Linux

For the first time, organizations that require medium to high robustness in their embedded software have the option of using the world's most popular operating system in mission-critical deployments.

Wind River achieved these certifications on popular embedded hardware architectures from Intel, Freescale, and Texas Instruments.

Wind River Linux Secure protects your devices, your schedule, and your budget

The product offers the following:

A Trusted Operating System from a Trusted Vendor
Your operating system manages your system resources. If the heart of your product is secure, your customers—and theirs—can put their faith in it even in extreme circumstances. Wind River Linux Secure meets or exceeds common industry definitions of a trusted operating system: Common Criteria certification, mandatory access control, and multilevel security.

A Complete Solution
Based on the industry-leading commercial embedded Linux platform, Wind River Linux Secure builds out from its certified core (kernel, user space packages, BSP, and hardware) to provide an end-to-end embedded Linux development platform. Mature, thoroughly tested tools and technology are complemented with extended global support, professional and certification services, open source leadership, and an unmatched partner ecosystem.

Extensible Certification
Because Wind River Linux Secure is certified on multiple hardware architectures from several leading semiconductor vendors, it offers a commercial off-the-shelf (COTS)-ready option to companies that choose to develop projects on pre-certified configurations. Custom boards and additional packages can be validated as modifications or extensions of the original certification, not new targets.

What does this mean to you? Faster time-to-market, lower cost, dramatically reduced risk.

Wind River Linux Secure Meets and Exceeds Requirements

The General Purpose Operating System Protection Profile (GP-OSPP) outlines the security requirements that must be met to achieve Common Criteria Evaluation Assurance Level 4 (EAL4) certification.

These requirements fall into four broad categories, each of which provides protection against one known class of security threat:

  • Identification and authentication
    • Human users, other systems, or anonymous users
    • Performed remotely
  • User data protection
    • Persistent storage: at least one file system with granular discretionary access control
    • Communication objects: basic packet filter
  • Auditing
    • Event recording
    • Audit trail protection
  • Cryptographic services
    • TDES (128), AES (128), RSA (2048), DSA (1024), SHA1, RNG, key generation
    • TLSv1, SSHv2, IPsec with IKE

To see how Wind River Linux Secure implements security, mouse over the buttons in the following diagram.

SELinux and Governing Security Policy

  • Domain and Type Enforcement
  • Multilevel Security (MLS)
  • Multi-category Security (MCS)

Access Control

  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role-Based Access Control (RBAC)

Memory Protection

  • Grsecurity, Trusted Path Execution (TPE), and RBAC
  • PaX, Address Space Layout Randomization (ASLR)
  • ProPolice, Compile Time Stack Protection
  • Buffer Overflow Protection
  • chroot Jail Hardening

Identification and Authentication

  • Linux Pluggable Authentication Module (LPAM)
  • Vlock, Account Expiry
  • User Data Services (Secure Backup and Scrubbing)

Cryptographic Services

  • FIPS Certified Network Security Services (NSS)
  • Wind River Cryptographic Framework (WCF)

Secure Networking

  • MLS/MCS Labeled Networking
  • IPsec
  • OpenSSL, GNU TLS
  • Kerberos, Racoon
  • VLAN, Stunnel
  • KeyNote Trust Management

System Auditing

  • Linux Audit Framework
  • LogSentry

Complete Solution: Scalable Certified Solution for All Project Sizes

Beginning with its trusted OS core, Wind River Linux Secure offers organizations all the tools they need to create, certify, and support innovative custom devices.

Wind River provides expertise in certification processes, system design, and platform customization

Whether your organization is new to Linux or experienced with open source, our complete offering of professional and certification services can help you meet your goals and deadlines.

When Secure Connectivity Is a Requirement

Aerospace and Defense
The U.S. Department of Defense urges its suppliers to use open source software for persuasive reasons:

  • Penetration across industries
  • Huge developer talent pool
  • Vast library of APIs, applications, and ISV support
  • Lower total cost of ownership
  • Suitability for high bandwidth applications

Wind River Linux Secure is the right choice wherever certification evidence is required. It is well-suited for use in military command-and-control ground stations, in software defined radio, in secure handheld devices, and in GPS satellite and combat systems requiring medium to high levels of assured security and robustness.

Industrial Automation
Wind River Linux Secure is a good choice for user interface/human-machine interface, data visualization, multimedia, and other applications where data must be protected over secured networks, in smart energy gateways and cross-domain guards.

As more medical information and treatment relies on network connectivity, Wind River Linux Secure can provide data security and integrity as well as high availability and reliability to ensure patient privacy and system uptime.

Wind River Linux Secure offers cost and competitive advantages in network filter and edge infrastructure applications by offering a hardened, trusted operating system for increased security and performance assurance.

Keywords: Commercial Embedded Linux, embedded software, Linux Development,

Other products and services from Wind River


Wind River Mobile Linux

Leveraging our staff of more than 300 across six development centers, located in Korea, China, North America, Romania, France, and Germany, and vast experience from customers in every step in the value chain, Wind River is changing the way the mobile industry is developing and deploying innovative mobile devices.


Wind River Hypervisor

Wind River Hypervisor is an embedded hypervisor that brings a new level of flexibility to the development of embedded devices. Small, Scalable, Type 1 Embedded Virtualization.


Wind River Products

Based on industry-standard and patent-pending hardware diagnostic capabilities, Wind River on-chip debugging solutions combine hardware debugging with a project-based, integrated development environment to reduce development costs and complexity.


Wind River Linux

Since 2004, Wind River Linux platforms have delivered the best of open source technology, integrated and optimized for embedded development, with the vision, the innovation, and the business-risk mitigation only a mature technology vendor can provide. Here are the top nine reasons our customers choose Wind River Linux over commercial and roll-your-own alternatives.


Wind River VxWorks RTOS – The World's #1 RTOS for Embedded Real Time Systems

The first RTOS with 32-bit and 64-bit processing, multi-core and multi-OS support, and diverse connectivity options, VxWorks provides our customers with the leading-edge RTOS functionality they require to stay competitive. VxWorks is designed for use in various multi-core configurations as a single operating system in symmetrical multiprocessing and asymmetrical multiprocessing modes or as a guest RTOS on top of Wind River Hypervisor.